Opmantek: >> Open-Audit >> 1.5.2 Security Vulnerabilities
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
CVSS Score
6.1
EPSS Score
0.045
Published
2021-12-20
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
CVSS Score
5.9
EPSS Score
0.006
Published
2021-01-20
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-09-13
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-07-06